
conhost cmd msiexec and notepad


9 replies to this topic

#1 shenly


Posted 09 July 2015 - 02:45 PM

I have a computer with high CPU utilization and Task Manager shows several instances of the programs above. I ran Norton and Windows Defender and neither found anything.

If you could possibly help that would be great. I have taken the computer off the network for now.

Thanks!





#2 Broni


Posted 09 July 2015 - 07:50 PM

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
  • List Restore Points

Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.



If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.



(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"


NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets.
Do NOT use spoilers.
Do NOT edit your reply to post additional logs. Create new reply. I'll not get any email notifications about edits so I won't know you posted something new.




#3 kob2


Posted 10 July 2015 - 09:30 AM

I too am experiencing this problem. Any results so far?



#4 shenly


Posted 10 July 2015 - 09:52 AM

I am doing the scans right now so I can post the logs.  MBAM found Trojan.bedop and Trojan.clicker.  As soon as the scans are done I will post the logs and Broni can assist me further.   Thanks Broni!



#5 shenly


Posted 10 July 2015 - 10:07 AM

Results of screen317's Security Check version 1.005
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Symantec Endpoint Protection
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 31
Java version 32-bit out of Date!
Adobe Flash Player 17.0.0.190 Flash Player out of Date!
Mozilla Firefox 31.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
jmiller.TSSLLP Desktop Virus Tools SecurityCheck.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


Farbar Service Scanner Version: 17-01-2015
Ran by JMILLER (administrator) on 10-07-2015 at 09:47:36
Running from "C:\Users\jmiller.TSSLLP\Desktop\Virus Tools"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****


MiniToolBox by Farbar  Version: 01-07-2015
Ran by JMILLER (administrator) on 10-07-2015 at 09:50:51
Running from "C:\Users\jmiller.TSSLLP\Desktop\Virus Tools"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Model: HP Compaq 8200 Elite SFF PC Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


========================= Winsock entries =====================================

 

 


========================= Event log errors: ===============================

Application errors:
==================
Error: (07/09/2015 03:32:28 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\jmiller.TSSLLP\Downloads\ComboFix.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (07/09/2015 03:32:13 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\jmiller.TSSLLP\Downloads\FRST64.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (07/09/2015 03:31:29 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\jmiller.TSSLLP\Downloads\FRST64.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (07/09/2015 02:39:43 PM) (Source: Automatic LiveUpdate Scheduler) (User: NT AUTHORITY)
Description: errorFailed unregistering service.

Error: (07/09/2015 01:17:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: connectbgdl.exe, version: 2012.0.0.7, time stamp: 0x546c9c2f
Faulting module name: connectbgdl.exe, version: 2012.0.0.7, time stamp: 0x546c9c2f
Exception code: 0x40000015
Fault offset: 0x0015f8e1
Faulting process id: 0x1448
Faulting application start time: 0xconnectbgdl.exe0
Faulting application path: connectbgdl.exe1
Faulting module path: connectbgdl.exe2
Report Id: connectbgdl.exe3

Error: (07/09/2015 00:24:01 PM) (Source: Application Error) (User: )
Description: Faulting application name: connectbgdl.exe, version: 2012.0.0.7, time stamp: 0x546c9c2f
Faulting module name: connectbgdl.exe, version: 2012.0.0.7, time stamp: 0x546c9c2f
Exception code: 0x40000015
Fault offset: 0x0015f8e1
Faulting process id: 0x14f8
Faulting application start time: 0xconnectbgdl.exe0
Faulting application path: connectbgdl.exe1
Faulting module path: connectbgdl.exe2
Report Id: connectbgdl.exe3

Error: (07/08/2015 09:43:56 AM) (Source: MSSQL$PROFXENGAGEMENT) (User: )
Description: There is insufficient system memory in resource pool 'internal' to run this query.

Error: (07/06/2015 03:37:20 PM) (Source: Application Error) (User: )
Description: Faulting application name: Acrobat.exe, version: 11.0.11.18, time stamp: 0x5543b1c0
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x55636317
Exception code: 0xc0000374
Fault offset: 0x000cea5f
Faulting process id: 0x1e70
Faulting application start time: 0xAcrobat.exe0
Faulting application path: Acrobat.exe1
Faulting module path: Acrobat.exe2
Report Id: Acrobat.exe3

Error: (07/06/2015 09:04:07 AM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.17377 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1adc
Start Time: 01d0b7e8db60f031
Termination Time: 40
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:

Error: (07/02/2015 09:54:40 AM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.17377 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 9ec
Start Time: 01d0b4cdbf4cdf17
Termination Time: 16
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:

System errors:
=============
Error: (07/10/2015 09:50:43 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (07/10/2015 09:50:43 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (07/10/2015 09:50:18 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (07/10/2015 09:50:18 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (07/10/2015 09:50:09 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (07/10/2015 09:49:43 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (07/10/2015 09:49:36 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (07/10/2015 09:49:35 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (07/10/2015 09:49:24 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (07/10/2015 09:49:21 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Microsoft Office Sessions:
=========================
Error: (08/19/2013 04:44:16 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 536 seconds with 480 seconds of active time.  This session ended with a crash.

Error: (07/09/2013 05:37:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1278 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (07/09/2013 05:16:06 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3456 seconds with 1440 seconds of active time.  This session ended with a crash.

Error: (07/09/2013 04:18:21 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1900 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (07/09/2013 03:46:31 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1208 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (09/05/2012 00:40:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2944 seconds with 540 seconds of active time.  This session ended with a crash.


=========================== Installed Programs ============================

 

 


 

Microsoft SQL Server 2008 R2 Setup (English) (HKLM-x32\...\{DAB2D121-A8A3-4E92-A7E5-4319F928735F}) (Version: 10.52.4033.0 - Microsoft Corporation)

 

Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)

 

Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)

 

Microsoft SQL Server Native Client (HKLM\...\{6E740973-8E71-42F9-A910-C18452E60450}) (Version: 9.00.3042.00 - Microsoft Corporation)

 

Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)

 

Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)

 

Microsoft SQLXML 4.0 SP1 (HKLM\...\{9665B2D6-69B1-43A2-B7CB-E05CF7705860}) (Version: 10.1.2531.0 - Microsoft Corporation)

 

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

 

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

 

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

 

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

 

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

 

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

 

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

 

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

 

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

 

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

 

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

 

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

 

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

 

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

 

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

 

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

 

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

 

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

 

Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)
PDFlyer (HKLM-x32\...\PDFlyer) (Version: 10.0.73.0 - Wolters Kluwer CCH)
Pfx.Ribbon.ExcelAddIn (HKCU\...\B416954527DEE6BCE31CCB2F6241E621B1F9567F) (Version: 1.0.0.0 - Pfx.Ribbon.ExcelAddIn)
Pfx.Ribbon.WordAddIn (HKCU\...\2E06C78A4C79A328E22DB52B5BD5A37836AEDE73) (Version: 1.0.0.0 - Pfx.Ribbon.WordAddIn)
PlannerDialogSetup (HKLM-x32\...\{183EA32A-4DCD-4DCF-AF44-40F9C18F9B57}) (Version: 13.01.0002 - Thomson Reuters)
Portal (HKLM-x32\...\{5E3B233A-86B6-4094-8258-A43A16C000F7}) (Version: 13.13.1115.1551 - CCH Tax and Accounting. A Wolters Kluwer Company.)
PPC Data Management Viewer (HKLM-x32\...\{E674E3B0-FABF-4D95-B13D-FB31CB043770}) (Version: 3.1.1 - Thomson Reuters (Tax & Accounting) Inc.)
PPC Practice Aids Audits of 403(B) Plans (2-14) (HKLM-x32\...\{B0F3B6E4-C5EA-459C-9683-D5361BD1BBDA}) (Version: 2014.2.2 - Thomson Reuters (Tax & Accounting) Inc.)
PPC Practice Aids Audits of 403(B) Plans (2-15) (HKLM-x32\...\{459C5CF0-E863-4F84-81FD-B9AE3DBE0177}) (Version: 2015.2.8 - Thomson Reuters (Tax & Accounting) Inc.)
PPC Practice Aids Audits of 403(B) Plans (4-11) (HKLM-x32\...\{9FF01BE8-66DB-4D49-A585-567C71234AEC}) (Version: 2011.4.6 - Thomson Reuters (Tax & Accounting) Inc.)
PPC Practice Aids Audits of 403(B) Plans (4-12) (HKLM-x32\...\{3D6C5B6F-8E89-493D-98F5-2AD6F3AAF927}) (Version: 2012.4.7 - Thomson Reuters (Tax & Accounting) Inc.)
PPC Practice Aids Audits of 403(B) Plans (4-13) (HKLM-x32\...\{5E0BFA74-9CEF-4CC1-852A-007A7C845F98}) (Version: 2013.4.8 - Thomson Reuters (Tax & Accounting) Inc.)
PPC Practice Aids Audits of Employee Benefit Plans (11-11) (HKLM-x32\...\{223A47E6-3DC9-4906-BC19-67C3A1D850E3}) (Version: 2011.11.19 - Thomson Reuters (Tax & Accounting) Inc.)
PPC Practice Aids Audits of Employee Benefit Plans (2-11) (HKLM-x32\...\{2EF0AC8B-D2AA-4034-AA32-167370E7D119}) (Version: 2011.2.6 - Thomson Reuters (Tax & Accounting) Inc.)
PPC Practice Aids Audits of Employee Benefit Plans (2-13) (HKLM-x32\...\{E25EBA47-0CC7-4BE6-AB1F-5CED0598C6A9}) (Version: 2013.2.10 - Thomson Reuters (Tax & Accounting) Inc.)
PPC Practice Aids Audits of Employee Benefit Plans (2-14) (HKLM-x32\...\{01FC6DB8-87BB-4530-B61B-1FC6198BDB70}) (Version: 2014.2.12 - Thomson Reuters (Tax & Accounting) Inc.)
PPC Practice Aids Audits of Employee Benefit Plans (2-15) (HKLM-x32\...\{89F16EBE-3D77-4BB9-86D3-94FA3955BFBF}) (Version: 2015.2.28 - Thomson Reuters (Tax & Accounting) Inc.)
PPC Practice Aids Audits of Employee Benefit Plans (3-12) (HKLM-x32\...\{63A39662-1FDD-43A8-8C4D-57E89DD147BB}) (Version: 2012.3.5 - Thomson Reuters (Tax & Accounting) Inc.)
PPC Practice Aids Audits of Nonprofit Organizations (2-14) (HKLM-x32\...\{2EFFBBCB-DBEE-4205-A46F-EB25CFD244CA}) (Version: 2014.2.14 - Thomson Reuters (Tax & Accounting) Inc.)
PPC Practice Aids Audits of Nonprofit Organizations (2-14) v2 (HKLM-x32\...\{8ECA46EC-E040-4243-A71F-8BA28411A9F8}) (Version: 2014.10.6 - Thomson Reuters (Tax & Accounting) Inc.)
PPC Practice Aids Audits of Nonprofit Organizations (2-15) (HKLM-x32\...\{C64F1F49-5317-40A9-AC61-01A815B1FF5D}) (Version: 2015.2.14 - Thomson Reuters (Tax & Accounting) Inc.)
PPC Practice Aids Audits of Nonprofit Organizations (3-12) (HKLM-x32\...\{A52046A0-E59F-4312-85A7-7ABDB0F2EC18}) (Version: 2012.3.30 - Thomson Reuters (Tax & Accounting) Inc.)
PPC Practice Aids Audits of Nonprofit Organizations (3-13) (HKLM-x32\...\{05533437-5389-4C7B-9D7E-E7D5C631F057}) (Version: 2013.3.14 - Thomson Reuters (Tax & Accounting) Inc.)
PPC Practice Aids Audits of Nonpublic Companies (2-14) (HKLM-x32\...\{07B385BA-21CB-46D9-81AF-2E54A90F2866}) (Version: 2014.2.10 - Thomson Reuters (Tax & Accounting) Inc.)
PPC Practice Aids Audits of Nonpublic Companies (2-14) v2 (HKLM-x32\...\{BD6EA605-B118-421F-8435-227151E45749}) (Version: 2014.10.12 - Thomson Reuters (Tax & Accounting) Inc.)
PPC Practice Aids Audits of Nonpublic Companies (2-15) (HKLM-x32\...\{95D6C2B6-A0C5-4A0A-9D0D-4D150B564E0F}) (Version: 2015.2.13 - Thomson Reuters (Tax & Accounting) Inc.)
PPC Practice Aids Audits of Nonpublic Companies (3-13) (HKLM-x32\...\{685C0C99-C10F-46F2-B362-D35D568884DE}) (Version: 2013.3.21 - Thomson Reuters (Tax & Accounting) Inc.)
PPC Practice Aids Audits of Nonpublic Companies (4-12) (HKLM-x32\...\{383395CC-4865-4D6E-A3BB-8192CB8501AB}) (Version: 2012.4.49 - Thomson Reuters (Tax & Accounting) Inc.)
PPC Practice Aids Compilation and Review Engagements (7-14) (HKLM-x32\...\{CAACAAF4-58F7-42ED-9970-5060465676D5}) (Version: 2014.7.6 - Thomson Reuters (Tax & Accounting) Inc.)
PPC Practice Aids Compilation and Review Engagements (8-11) (HKLM-x32\...\{A6C7C0DC-42CF-4500-8AD6-FC6680C5D65A}) (Version: 2011.8.31 - Thomson Reuters (Tax & Accounting) Inc.)
PPC Practice Aids Compilation and Review Engagements (8-12) (HKLM-x32\...\{5523CA87-52CF-4948-A42F-92D8C253BC40}) (Version: 2012.8.9 - Thomson Reuters (Tax & Accounting) Inc.)
PPC Practice Aids Compilation and Review Engagements (8-13) (HKLM-x32\...\{FD8F8442-23CD-43E0-91D2-AC5F3424BA52}) (Version: 2013.8.10 - Thomson Reuters (Tax & Accounting) Inc.)
PPC Practice Aids Construction Contractors (11-11) (HKLM-x32\...\{C8F1A777-BFC1-4DF5-908B-4055C5973F66}) (Version: 2011.11.7 - Thomson Reuters (Tax & Accounting) Inc.)
PPC Practice Aids Construction Contractors (6-12) (HKLM-x32\...\{9A2E7210-5CE7-4D53-B6AE-CD6900527ACA}) (Version: 2012.6.14 - Thomson Reuters (Tax & Accounting) Inc.)
PPC Practice Aids Construction Contractors (6-13) (HKLM-x32\...\{40BACBE4-6AFA-480B-A0F8-BE92C063DD8F}) (Version: 2013.6.5 - Thomson Reuters (Tax & Accounting) Inc.)
PPC Practice Aids Construction Contractors (6-14) (HKLM-x32\...\{872364E4-CF0F-49D3-9F3B-A7CA120B1DAE}) (Version: 2014.6.9 - Thomson Reuters (Tax & Accounting) Inc.)
PPC Practice Aids Construction Contractors (6-14) v2 (HKLM-x32\...\{E0874428-3C6B-4CD7-94C0-BEABC2E193AD}) (Version: 2014.10.8 - Thomson Reuters (Tax & Accounting) Inc.)
PPC SMART Practice Aids - Internal Control (HKLM-x32\...\{1B14CF31-D5BE-446E-BA33-78F84C9F5420}) (Version: 8.0.2 - Thomson Reuters (Tax & Accounting) Inc.)
PPC SMART Practice Aids - Risk Assessment (HKLM-x32\...\{AAD99FB7-328A-4307-9DAA-E7A07A3B1F85}) (Version: 10.1.8 - Thomson Reuters (Tax & Accounting) Inc.)
PPC SMART Practice Aids Shell Extension - x64 (HKLM\...\{C1F97372-627A-409D-81EF-D0539CB20D98}) (Version: 1.0.201 - Thomson Reuters (Tax & Accounting) Inc.)
PPCWebMultiSelect (HKLM-x32\...\{E49F34BF-1325-4B0B-A12F-022A5CA7A7EB}) (Version: 2.7.1 - Practitioners Publishing Co)
Privacy Manager for HP ProtectTools (HKLM\...\{4BCE2AAB-84AA-4324-9A05-C333BDB3B7A2}) (Version: 6.02.852 - Hewlett-Packard Company)
ProSystem fx Document Drive (HKLM\...\{75FE676C-6E32-4634-86EA-39A08EB77F50}) (Version: 3.10 - CCH Incorporated)
ProSystem fx Engagement (HKLM-x32\...\{BE4F583B-4121-49E8-906C-BBDE9162AB55}) (Version: 7.1 - CCH, a part of Wolters Kluwer)
ProSystem fx Practice (HKLM-x32\...\InstallShield_{DAFAE47A-2598-4633-8696-17A053333B42}) (Version: 8.1 - CCH Incorporated)
ProSystem fx Practice/Project 8.1 (HKLM-x32\...\{DAFAE47A-2598-4633-8696-17A053333B42}) (Version: 8.1 - CCH Incorporated) Hidden
ProSystem fx Workstation (HKLM-x32\...\ProSystem fx Workstation) (Version:  - CCH Tax and Accounting. A WoltersKluwer Company)
QuickBooks (HKLM-x32\...\{9A2F0810-369F-4E86-9072-973FBE1679C5}) (Version: 19.0.4014.705 - Intuit Inc.) Hidden
QuickBooks Premier: Accountant Edition 2009 (HKLM-x32\...\{9A2F0810-3623-4E86-9072-973FBE1679C5}) (Version: 19.0.4014.705 - Intuit Inc.)
Quicken 2007 (HKLM-x32\...\{0D2E80C8-0875-43EB-9623-47118E2DFBCA}) (Version: 16.1.2.25 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.4222 - CyberLink Corp.) Hidden
RingCentral Softphone (HKLM-x32\...\{52F10407-8CF3-4EEB-8D4A-9AA02AE861FC}) (Version: 6.04.001.50 - RingCentral, Inc)
RingCentral Softphone (HKLM-x32\...\RingCentral) (Version:  - RingCentral, Inc.)
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V4.2L14(Windows7) - PFU)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (HKLM-x32\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
Snapshot Viewer (HKLM-x32\...\Snapshot Viewer) (Version:  - )
SQL Server 2008 R2 SP2 Common Files (HKLM-x32\...\{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Common Files (HKLM-x32\...\{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (HKLM-x32\...\{4112625F-2D38-49EF-924F-48511BC5CD34}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (HKLM-x32\...\{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (HKLM-x32\...\{D428AB95-35B2-4868-B656-5C316E25EC69}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (HKLM-x32\...\{DF781E6F-BF29-4340-BEFB-09F7511B424D}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (HKLM-x32\...\{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (HKLM-x32\...\{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (HKLM-x32\...\{93998800-1608-403F-9A51-420A77D23C25}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server System CLR Types (HKLM-x32\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
SQLXML 3.0 SP3 (HKLM-x32\...\{19ABFD8F-CB86-4965-9282-047FC27084F1}) (Version: 3.30.3457.0 - Microsoft Corporation)
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
Symantec Endpoint Protection (HKLM\...\{A5DCF955-5D4A-471D-8CB3-DCFDF5C5DEE7}) (Version: 12.1.5337.5000 - Symantec Corporation)
System Files (HKLM-x32\...\{1E1EF702-0FD3-4F6C-A986-F5BA78CF4553}) (Version: 20.14.1125.1018 - CCH Tax and Accounting. A Wolters Kluwer Company.) Hidden
Tax Grouping Update Wizard (HKLM-x32\...\{1EAD0655-E796-4DD5-A3C2-7EBB2456E475}) (Version: 1.0.0.1010 - CCH Tax and Accounting.  A Wolters Kluwer business) Hidden
Tax Grouping Update Wizard (HKLM-x32\...\{2112ABC0-A485-4BC3-AA97-EAE5492A8390}) (Version: 1.0.0.1022 - CCH Tax and Accounting.  A Wolters Kluwer business) Hidden
Theft Recovery for HP ProtectTools (HKLM-x32\...\{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.35 - Hewlett-Packard Company) Hidden
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.35 - Hewlett-Packard Company)
TValue 5 (HKLM-x32\...\TValue 5) (Version:  - )
UltraTax Font Installer (HKLM-x32\...\{7177CDFD-3274-4F8C-977F-7C82C73CA34C}) (Version: 12.00.0000 - Thomson Reuters)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
ViewMail (HKLM-x32\...\{A6DE3E0B-F9B6-4459-966B-2BC562CA72A3}) (Version: 3.7.1.76 - Applied Voice & Speech Technologies, Inc.)
ViewMail for Microsoft Messaging (HKLM-x32\...\{1EBA98CA-423E-493A-ACB4-7EB920B00F13}) (Version: 3.7.1.76 - Applied Voice & Speech Technologies, Inc.)
VIP Access SDK (1.0.1.4)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.4 - Symantec Inc.)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}) (Version: 15.0.9411 - WinZip Computing, S.L. )

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 52%
Total physical RAM: 16272 MB
Available physical RAM: 7744.82 MB
Total Virtual: 32542.21 MB
Available Virtual: 23782.42 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:921.8 GB) (Free:800.41 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:9.61 GB) (Free:1.18 GB) NTFS
3 Drive e: (Virus Tools) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS
4 Drive g: (apps) (Network) (Total:600 GB) (Free:437.77 GB) NTFS
5 Drive h: () (Network) (Total:97.66 GB) (Free:40.92 GB)
6 Drive k: () (Network) (Total:234.57 GB) (Free:103.93 GB)
7 Drive p: (apps) (Network) (Total:600 GB) (Free:437.77 GB) NTFS
8 Drive s: () (Network) (Total:71.08 GB) (Free:26.1 GB)
9 Drive u: () (Network) (Total:97.66 GB) (Free:22.47 GB)
10 Drive w: () (Network) (Total:97.66 GB) (Free:22.47 GB)
11 Drive x: (Data) (Network) (Total:439.45 GB) (Free:253.65 GB) NTFS

========================= Users: ========================================

User accounts for \\HPDESK-121

Administrator            Guest                    jmiller

========================= Restore Points ==================================

18-06-2015 13:38:15 Scheduled Checkpoint
25-06-2015 17:33:57 Scheduled Checkpoint
06-07-2015 14:27:16 Scheduled Checkpoint
09-07-2015 16:46:22 Installed Symantec Endpoint Protection.
09-07-2015 17:34:28 Windows Update

**** End of log ****

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.07.10.04
  rootkit: v2015.07.10.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.17377
JMILLER :: HPDESK-121 [administrator]

7/10/2015 10:28:28 AM
mbar-log-2015-07-10 (10-28-28).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 505328
Time elapsed: 26 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/10/2015
Scan Time: 9:55 AM
Logfile: mbam.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.10.04
Rootkit Database: v2015.07.10.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: JMILLER

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 500864
Time Elapsed: 25 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
Trojan.Bedep.64, HKLM\SOFTWARE\CLASSES\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}, Quarantined, [8399716fdcaea98d7e7ad8e62fd205fb],
Trojan.Bedep.64, HKU\S-1-5-21-2121478501-1430975710-2212117103-1155_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}, Quarantined, [8399716fdcaea98d7e7ad8e62fd205fb],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
Trojan.Clicker.FMS, C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}, Delete-on-Reboot, [eb316b75a8e22b0bfae28f6349b905fb],

Files: 2
Trojan.Bedep.64, C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\tapiui.dll, Delete-on-Reboot, [8399716fdcaea98d7e7ad8e62fd205fb],
Trojan.Clicker.FMS, C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\8afc49b02429a, Delete-on-Reboot, [eb316b75a8e22b0bfae28f6349b905fb],

Physical Sectors: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.17377

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.392000 GHz
Memory total: 17062432768, free: 12397174784

No address found
No address found
No address found
Host not found
Downloaded database version: v2015.07.10.04
Downloaded database version: v2015.07.10.01
Downloaded database version: v2015.07.01.02
=======================================
Initializing...
------------ Kernel report ------------
     07/10/2015 10:28:16
------------ Loaded modules -----------

----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.07.10.04
  rootkit: v2015.07.10.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800f8d2060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800f8d2b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800ddb5860, DeviceName: Unknown, DriverName: \Driver\MfeEpeOpal\
DevicePointer: 0xfffffa800f8d3040, DeviceName: Unknown, DriverName: \Driver\MfeEpePc\
DevicePointer: 0xfffffa800f8d2060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800d8c2c00, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800d8c3050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\MfeEpeOpal\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 9EFC39AE

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 1933164544

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1933371392  Numsec = 20150272

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-AE125A7FC1A14AB878428C0D281AA9FE0E699981.bin.VE1" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-AE125A7FC1A14AB878428C0D281AA9FE0E699981.bin.VF" is compressed (flags = 1)
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/10/2015 10:56:38 AM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\SSDriver\fi5110\SsWiaChecker.exe (PID: 5632) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 07/10/2015 10:57:41 AM
Execution time: 0 hours(s), 1 minute(s), and 3 seconds(s)



#6 kob2


Posted 10 July 2015 - 11:26 AM

I am doing the scans right now so I can post the logs.  MBAM found Trojan.bedop and Trojan.clicker.  As soon as the scans are done I will post the logs and Broni can assist me further.   Thanks Broni!

Thanks for reply and update, I have seen references to bedop as well.



#7 Broni


  • BC Advisor

Posted 10 July 2015 - 03:11 PM

Please re-run MBAM one more time and post a fresh log.




#8 kob2


Posted 10 July 2015 - 09:28 PM

 

I am doing the scans right now so I can post the logs.  MBAM found Trojan.bedop and Trojan.clicker.  As soon as the scans are done I will post the logs and Broni can assist me further.   Thanks Broni!

Thanks for reply and update, I have seen references to bedop as well.

 

 

I ended up just backing up to a restore point before the behavior had occurred [Windows 7]. Problem _seems_ to be resolved. Will continue to monitor.



#9 shenly

  • Topic Starter


Posted 13 July 2015 - 10:31 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/10/2015
Scan Time: 4:45 PM
Logfile: 7 10 15 Scan.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.10.06
Rootkit Database: v2015.07.10.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: JMILLER

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 501355
Time Elapsed: 16 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#10 shenly

  • Topic Starter


Posted 13 July 2015 - 10:32 AM

kob2 - I have tried that in the past and sometimes it works and sometimes it doesn't. Exactly why I waited for someone else's expertise. But I think the scans have taken care of it.





